Malicious Code Awareness
Virus Defense for Users
Created: October 2004

Malicious Code Awareness Training

Why Virus Awareness Training?
This training will provide all users:
• Enough data to make informed decisions about viruses
• An understanding of criminal tactics used to infiltrate computers
Viruses threaten all information systems.

Critical Thinking
• Am I expecting this attachment?
• Is this the normal format of this file?
• Is my antivirus software running correctly?
• My machine seems slower than normal; should I report it?

Is My Machine a Target?
Yes
• Viruses do not discriminate
• Every organization is a target of criminals at some point
• Any machine that houses financial information (reports, personnel data, credit card numbers, etc.) is a target

How Can I Be Targeted?
Email
• Email should be considered suspect unless digitally signed by someone you know
• Email “spoofing” is very easy; do not trust “From:” fields

Email Attachments
• Delete any attachment that you are not expecting
• Do not open files of any type that are not anticipated (even if they appear to be harmless)
EXE PIF COM BAT SCR VBS JPG

Scams
• Also known as “phishing” attempts
• Do not follow requests for personal info in email
• Do not trust links printed in messages; they may not lead where they appear to

Email Review
• No part of an unsigned, unexpected email should be trusted without investigation
• “From,” Subject, and Message body can be easily crafted to fool anyone

What Should I Do?
• Be suspicious of any unexpected, unverifiable email, regardless of apparent source
• Report/forward all suspicious email messages to security personnel

Network Worms
Viruses that spread without user intervention (without opening a file)
• Worms exploit system vulnerabilities to gain unauthorized computer access
• Often create noticeable slowdowns on host systems
MyDoom Sasser Blaster Klez

What Do I Watch For?
• Report the presence of any suspicious file found on the network
• Reports of widespread virus activity
  • Such as the reports of Blaster & Sasser
• Any abnormal system condition that cannot be explained:
  • Network access extremely slow
  • Computer hard drive is constantly in use

Nefarious Web Content
• Spyware/Adware prominent on the Internet
• Often allows additional unwanted software to enter the PC
• Threatens internal data as well as normal network operations
• Can come from anywhere

What Do I Watch For?
• Random pop-ups, especially advertisements for random products
• Changes in normal web browser routines
• New Home page at startup
• Unknown toolbars/icons
• New applets in the System Tray (next to the clock)

Spyware Reporting
• Document all suspicious Internet activity
• Report all unknown configuration and software changes to security personnel
• Do not just “put up with” random advertisements and redirections

Normal Vigilance
• Don’t visit web sites unassociated with work topics
• Periodically check that antivirus signatures are current
• Be aware of any new/suspicious files or folders that appear on your machine or servers

How Do I Avoid Malware?
• Do not download or install any software from the Internet without direction from network support
• Do not open email/attachments from unknown sources
• Do not open unexpected/unverified attachments

Report All Suspicious Activity
Information Assurance Team: http://www.infectionvectors.com